思科運行商XR設備實現跨域MPLS ***的Option3(即OptionC)方案詳解
圖8-2 域間MPLS ×××解決方案C(3)實施拓撲
承載×××路由的MPLS骨幹網跨越多個AS,須要配置跨域×××。當每一個AS都有大量的×××路由須要交換時,可選擇跨域×××-OptionC方式,防止ASBR成爲阻礙網絡進一步擴展的瓶頸,進一步解決OptionB中ASBR設備收取了全部客戶的×××v4路由缺陷。同時在OptionC中,設置了多協議BGP的RR設備,這使得網絡架構更加清晰。
OptionC的整體層次化結構:
1.在P設備上實施MP-BGP的路由反射器,用於接收×××V4路由並反射到EBGP鄰居
2.爲了構建BGP的反射器,須要在ASBR之間構建IPv4單播的EBGP鄰居、ASBR和RR之間構建IPv4單播的IBGP鄰居用於更新反射器的環回接口
3.在RR和PE之間構建多協議BGP的iBGP鄰居用於把客戶的×××v4路由更新到RR設備。
在後續的內容中,咱們再來實現標籤的連續性。
咱們在圖8-2中實施本案例,請讀者把OptionC做爲學習的重點,它幾乎是運營商CCIE的必考點。跨域
8.3.1 實施各AS內部的IGP和LDP協議
如圖8-2所示,在AS100內實施OSPF協議,在AS200內實施IS-IS協議,而且完成LDP的自動配置。網絡
AS200: ASBR-R4(config)#router isis ASBR-R4(config-router)# net 49.4567.0000.0000.4444.00 ASBR-R4(config-router)# mpls ldp autoconfig level-1 ASBR-R4(config-router)# is-type level-1 ASBR-R4(config-router)# metric-style wide ASBR-R4(config-router)# log-adjacency-changes ASBR-R4(config-router)#int lo0 ASBR-R4(config-if)#ip router isis ASBR-R4(config-if)#int e0/1 ASBR-R4(config-if)#ip router isis ASBR-R4(config-if)#int e0/3 ASBR-R4(config-if)#ip router isis ! RR-R5(config)#router isis RR-R5(config-router)# net 49.4567.0000.0000.5555.00 RR-R5(config-router)# is-type level-1 RR-R5(config-router)# metric-style wide RR-R5(config-router)# log-adjacency-changes RR-R5(config-router)#mpls ldp autoconfig level-1 RR-R5(config-router)# RR-R5(config-router)#exi RR-R5(config)#int lo0 RR-R5(config-if)#ip router isis RR-R5(config-if)#int r e0/0 - 1 RR-R5(config-if-range)#ip router isis ! PE-R6(config)#router isis PE-R6(config-router)# mpls ldp autoconfig level-1 PE-R6(config-router)# is-type level-1 PE-R6(config-router)# metric-style wide PE-R6(config-router)# log-adjacency-changes PE-R6(config-router)# net 49.4567.0000.0000.6666.00 PE-R6(config-router)# PE-R6(config-router)#exi PE-R6(config)#int lo0 PE-R6(config-if)#ip router isis PE-R6(config-if)#int r e0/1 - 2 PE-R6(config-if-range)#ip router isis
驗證IS-IS鄰居和LDP鄰居
RR-R5#show isis neighbors 架構
System Id Type Interface IP Address State Holdtime Circuit Id
ASBR-R4 L1 Et0/0 45.1.1.4 UP 22 RR-R5.01
PE-R6 L1 Et0/1 56.1.1.6 UP 25 RR-R5.02
RR-R5#show mpls ldp neighbor
Peer LDP Ident: 44.1.1.1:0; Local LDP Ident 55.1.1.1:0
TCP connection: 44.1.1.1.646 - 55.1.1.1.35275
State: Oper; Msgs sent/rcvd: 14/15; Downstream
Up time: 00:04:40
LDP discovery sources:
Ethernet0/0, Src IP addr: 45.1.1.4
Addresses bound to peer LDP Ident:
45.1.1.4 24.1.1.4 46.1.1.4 44.1.1.1
Peer LDP Ident: 66.1.1.1:0; Local LDP Ident 55.1.1.1:0
TCP connection: 66.1.1.1.22823 - 55.1.1.1.646
State: Oper; Msgs sent/rcvd: 13/14; Downstream
Up time: 00:04:35
LDP discovery sources:
Ethernet0/1, Src IP addr: 56.1.1.6
Addresses bound to peer LDP Ident:
56.1.1.6 46.1.1.6 66.1.1.1
查看標籤轉發表,因爲P設備恰好是LSP的次末跳設備,因此,它看到的去往ASBR和PE的環回口標籤應該爲Pop
RR-R5#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 44.1.1.1/32 0 Et0/0 45.1.1.4
17 Pop Label 46.1.1.0/24 0 Et0/0 45.1.1.4
Pop Label 46.1.1.0/24 0 Et0/1 56.1.1.6
18 Pop Label 66.1.1.1/32 0 Et0/1 56.1.1.6
AS100的配置app
R3: router ospf 110 mpls ldp autoconfig area 0 ! interface Loopback0 ip address 33.1.1.1 255.255.255.255 ip ospf 110 area 0 ! interface Ethernet0/1 ip address 23.1.1.3 255.255.255.0 ip ospf 110 area 0 end ! interface Ethernet0/2 ip address 13.1.1.3 255.255.255.0 ip ospf 110 area 0 XR1: router ospf 110 area 0 mpls ldp auto-config interface Loopback0 ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! mpls ldp router-id 22.1.1.1 XR2: router ospf 110 area 0 mpls ldp auto-config interface Loopback0 ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/2 ! ! ! mpls ldp router-id 22.1.1.1
驗證OSPF鄰居、LDP鄰居和標籤轉發表
RR-R3#show ip ospf neiide
Neighbor ID Pri State Dead Time Address Interface
11.1.1.1 1 FULL/BDR 00:00:31 13.1.1.1 Ethernet0/2
22.1.1.1 1 FULL/BDR 00:00:34 23.1.1.2 Ethernet0/1
RR-R3#show mpls ldp neighbor
Peer LDP Ident: 11.1.1.1:0; Local LDP Ident 33.1.1.1:0
TCP connection: 11.1.1.1.646 - 33.1.1.1.16513
State: Oper; Msgs sent/rcvd: 17/18; Downstream
Up time: 00:08:07
LDP discovery sources:
Ethernet0/2, Src IP addr: 13.1.1.1
Addresses bound to peer LDP Ident:
12.1.1.1 13.1.1.1 11.1.1.1
Peer LDP Ident: 22.1.1.1:0; Local LDP Ident 33.1.1.1:0
TCP connection: 22.1.1.1.646 - 33.1.1.1.49735
State: Oper; Msgs sent/rcvd: 14/15; Downstream
Up time: 00:04:20
LDP discovery sources:
Ethernet0/1, Src IP addr: 23.1.1.2
Addresses bound to peer LDP Ident:
22.1.1.1 23.1.1.2 12.1.1.2
Duplicate Addresses advertised by peer:
13.1.1.1
RR-R3#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 12.1.1.0/24 0 Et0/2 13.1.1.1
Pop Label 12.1.1.0/24 0 Et0/1 23.1.1.2
17 Pop Label 11.1.1.1/32 599 Et0/2 13.1.1.1
18 Pop Label 22.1.1.1/32 503 Et0/1 23.1.1.2
到此兩個AS的域內配置完畢工具
8.3.2 構建RR之間的MP-EBGP鄰居關係
爲了使得RR之間能構建EBGP鄰居,那麼須要在兩個ASBR之間構建IPv4單播的EBGP,以及構建RR和ASBR之間的IBGP鄰居。即R2和R4創建EBGP鄰居,R3和R2以及R5和R4創建IBGP鄰居。而後通告R3和R5的環回口,使得二者能夠創建EBGPoop
XR2: route-policy EBGP pass end-policy router bgp 100 address-family ipv4 unicast ! neighbor 24.1.1.4 remote-as 200 address-family ipv4 unicast route-policy EBGP in route-policy EBGP out ! ! neighbor 33.1.1.1 remote-as 100 update-source Loopback0 address-family ipv4 unicast next-hop-self ! R3: router bgp 100 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 22.1.1.1 remote-as 100 neighbor 22.1.1.1 update-source Loopback0 ! address-family ipv4 network 33.1.1.1 mask 255.255.255.255 neighbor 22.1.1.1 route-reflector-client neighbor 22.1.1.1 activate ! ASBR-R4 router bgp 200 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 24.1.1.2 remote-as 100 neighbor 55.1.1.1 remote-as 200 neighbor 55.1.1.1 update-source Loopback0 ! address-family ipv4 neighbor 24.1.1.2 activate neighbor 55.1.1.1 activate neighbor 55.1.1.1 next-hop-self ! R5: router bgp 200 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 44.1.1.1 remote-as 200 neighbor 44.1.1.1 update-source Loopback0 ! address-family ipv4 network 55.1.1.1 mask 255.255.255.255 neighbor 44.1.1.1 route-reflector-client neighbor 44.1.1.1 activate
本步驟都是常規的創建IPv4單播BGP的鄰居和更新RR的環回口路由便可。
RP/0/0/CPU0:ASBR-2#show bgp ipv4 unicast summary //ASBR構建成功EBGP鄰居和IBGP鄰居
Fri Oct 14 12:52:56.454 UTC
BGP router identifier 22.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 4
BGP main routing table version 4
BGP scan interval 60 secs學習
BGP is operating in STANDALONE mode.優化
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 4 4 4 4 4 4ui
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
24.1.1.4 0 200 109 99 4 0 0 01:35:33 1
33.1.1.1 0 100 118 104 4 0 0 01:40:52 1
咱們的目的是使得R3和R5的環回口能夠通訊,那咱們來查看經過BGP更新獲得的路由
RR-R3#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
55.0.0.0/32 is subnetted, 1 subnets
B 55.1.1.1 [200/0] via 22.1.1.1, 00:21:30
RR-R5#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
33.0.0.0/32 is subnetted, 1 subnets
B 33.1.1.1 [200/0] via 44.1.1.1, 01:41:23
RR-R5#ping 33.1.1.1 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 55.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
環回口之間已經能夠通訊,那麼如今咱們來構建MP-EBGP鄰居
RR-R5(config)#router bgp 200 RR-R5(config-router)#neighbor 33.1.1.1 remote-as 100 RR-R5(config-router)#neighbor 33.1.1.1 update-source lo0 RR-R5(config-router)#neighbor 33.1.1.1 ebgp-multihop RR-R5(config-router)#address-family ***v4 RR-R5(config-router-af)#neighbor 33.1.1.1 activate ! RR-R3(config)#router bgp 100 RR-R3(config-router)#neighbor 55.1.1.1 remote-as 200 RR-R3(config-router)#neighbor 55.1.1.1 update-source lo0 RR-R3(config-router)#neighbor 55.1.1.1 ebgp-multihop RR-R3(config-router)#address-family ***v4 RR-R3(config-router-af)#neighbor 55.1.1.1 activate
RR之間的多協議BGP已經創建
RR-R3#show bgp ***v4 unicast all summary
BGP router identifier 33.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
55.1.1.1 4 200 11 12 1 0 0 00:08:03 0
RR-R5#show bgp ***v4 unicast all summary
BGP router identifier 55.1.1.1, local AS number 200
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
33.1.1.1 4 100 12 12 1 0 0 00:08:35 0
RR-R5#
8.3.3 構建RR和PE設備的MP-iBGP鄰居關係
本步驟的目的是使得PE獲得的客戶的×××v4路由能夠更新到RR,而後經過RR更新給對端的EBGP
XR1:
router bgp 100 address-family ***v4 unicast ! neighbor 33.1.1.1 remote-as 100 update-source Loopback0 address-family ***v4 unicast ! R3: RR-R3(config)#router bgp 100 RR-R3(config-router)#neighbor 11.1.1.1 remote-as 100 RR-R3(config-router)#neighbor 11.1.1.1 update-source lo0 RR-R3(config-router)#address-family ***v4 unicast RR-R3(config-router-af)#neighbor 11.1.1.1 activate RR-R3(config-router-af)#neighbor 11.1.1.1 route-reflector-client ! R5: RR-R5(config)#router bgp 200 RR-R5(config-router)#neighbor 66.1.1.1 remote-as 200 RR-R5(config-router)#neighbor 66.1.1.1 update-source lo0 RR-R5(config-router)#address-family ***v4 unicast RR-R5(config-router-af)#neighbor 66.1.1.1 route-reflector-client ! PE-R6(config)#router bgp 200 PE-R6(config-router)#neighbor 55.1.1.1 remote-as 200 PE-R6(config-router)#neighbor 55.1.1.1 update-source lo0 PE-R6(config-router)#address-family ***v4 PE-R6(config-router-af)#neighbor 55.1.1.1 update-source lo0 PE-R6(config-router-af)#neighbor 55.1.1.1 activate PE-R6(config-router-af)#
驗證MP-BGP鄰居
RR-R5#show bgp ***v4 unicast all summary //RR和本AS的PE構建了iBGP鄰居,和對端AS的RR構建了EBGP鄰居
BGP router identifier 55.1.1.1, local AS number 200
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
33.1.1.1 4 100 330 328 1 0 0 04:54:47 0
66.1.1.1 4 200 5 5 1 0 0 00:01:23 0
RP/0/0/CPU0:PE-XR1#show bgp ***v4 unicast summary //PE和RR構建了正常的BGP鄰居
Fri Oct 14 17:52:32.823 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 1 1 1 1 1 1
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
33.1.1.1 0 100 8 6 1 0 0 00:03:41 0
8.3.4 實施VRF而且實施客戶端的BGP協議以獲取×××v4路由
本步驟的主要目的是獲取客戶的路由而且更新到其餘CE站點
XR上實施VRF而且和R8構建EBGP鄰居
vrf Ender
address-family ipv4 unicast
import route-target
100:200
!
export route-target
100:200 //實施RT值爲100:200
!
!
!
interface GigabitEthernet0/0/0/3
vrf Ender //把鏈接CE的接口劃入VRF接口
ipv4 address 18.1.1.1 255.255.255.0
no shutdown
!
router bgp 100
vrf Ender
rd 100:200 //在BGP的vrf下設置RD值,該值自定義
address-family ipv4 unicast //在BGP的vrf地址族初始化IPv4單播地址族
!
neighbor 18.1.1.8
remote-as 300
address-family ipv4 unicast
as-override //和CE激活IPv4鄰居,而且配置修改AS的命令,使得CE能夠正常獲得其餘CE站點的路由,用以解決EBGP防環致使的路由沒法收取問題
route-policy PASS in
route-policy PASS out//針對鄰居應用放行全部EBGP鄰居,不然默認爲丟棄策略
!
route-policy PASS
pass
end-policy
R8:
router bgp 300
bgp log-neighbor-changes
network 88.1.1.1 mask 255.255.255.255
neighbor 18.1.1.1 remote-as 100
咱們能夠直接查看R3,若是PE和CE構建了鄰居,那麼PE會把路由更新到R3
RR-R3#show bgp ***v4 unicast all //R3已經正常的獲得了本側AS的路由
BGP table version is 2, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
AS100已經實施完畢,接下來實施AS200的PE和CE
PE-R6: PE-R6(config)#vrf definition Ender PE-R6(config-vrf)#rd 100:200 PE-R6(config-vrf)#address-family ipv4 PE-R6(config-vrf-af)#route-target 100:200 ! PE-R6(config-vrf)#int e0/3 PE-R6(config-if)#no shu PE-R6(config-if)#vrf forwarding PE-R6(config-if)#ip add 67.1.1.6 255.255.255.0 ! PE-R6(config)#router bgp 200 PE-R6(config-router)#address-family ipv4 vrf Ender PE-R6(config-router-af)#neighbor 67.1.1.7 remote-as 300 PE-R6(config-router-af)# neighbor 67.1.1.7 as-override ! R7: router bgp 300 bgp log-neighbor-changes network 77.1.1.1 mask 255.255.255.255 neighbor 67.1.1.6 remote-as 200
驗證RR上是否獲得了本AS一側的客戶的路由
RR-R5#show bgp ***v4 unicast all //RR上獲得了兩側客戶的環回口路由
BGP table version is 3, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i
> 88.1.1.1/32 33.1.1.1 0 100 300 i
可是別高興的太早哦,咱們來查看CE站點
CE-R7#show ip route b
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
CE-R7#
CE-R8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
CE-R8#
咱們發如今CE站點「空無一物」,此時咱們必須查看PE設備是否獲得了完整的路由
RP/0/0/CPU0:PE-XR1#show bgp ***v4 unicast
Fri Oct 14 18:16:21.345 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 4
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
-
i77.1.1.1/32 55.1.1.1 0 100 0 200 300 i
> 88.1.1.1/32 18.1.1.8 0 0 300 i
PE-R6#show bgp ***v4 unicast all
BGP table version is 2, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not foundNetwork Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
*> 77.1.1.1/32 67.1.1.7 0 0 300 i- i 88.1.1.1/32 33.1.1.1 0 100 0 100 300 I //咱們發現了問題,即從其餘AS更新獲得的路由並不是最優的路由,很明顯,咱們忘記了在多協議BGP的邊界,即RR設備針對PE實施修改下一跳的命令。固然這裏還有另一個解決方案:此時下一跳爲對端AS的RR設備的環回口,該接口地址已經經過BGP獲得了路由,那麼就能夠有條件的把該路由引入到IGP。咱們在此修改下一跳。
RR-R3(config)#router bgp 100 RR-R3(config-router)#address-family ***v4 unicast RR-R3(config-router-af)#neighbor 11.1.1.1 next-hop-self ! RR-R5(config)#router bgp 200 RR-R5(config-router)#address-family ***v4 RR-R5(config-router-af)#neighbor 66.1.1.1 next-hop-self
驗證PE獲得的×××v4路由是否優化
RP/0/0/CPU0:PE-XR1#show bgp ***v4 unicast
Fri Oct 14 18:22:40.049 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 6
BGP scan interval 60 secs
- i 88.1.1.1/32 33.1.1.1 0 100 0 100 300 I //咱們發現了問題,即從其餘AS更新獲得的路由並不是最優的路由,很明顯,咱們忘記了在多協議BGP的邊界,即RR設備針對PE實施修改下一跳的命令。固然這裏還有另一個解決方案:此時下一跳爲對端AS的RR設備的環回口,該接口地址已經經過BGP獲得了路由,那麼就能夠有條件的把該路由引入到IGP。咱們在此修改下一跳。
Status codes: s suppressed, d damped, h history, valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
>i77.1.1.1/32 33.1.1.1 0 100 0 200 300 I //路由已經最優,那麼就能夠更新給CE端了
> 88.1.1.1/32 18.1.1.8 0 0 300 i
PE-R6#show bgp ***v4 unicast all
BGP table version is 3, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
> 77.1.1.1/32 67.1.1.7 0 0 300 i
>i 88.1.1.1/32 55.1.1.1 0 100 0 100 300 i
驗證CE端路由是否正常獲得
CE-R7#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
88.0.0.0/32 is subnetted, 1 subnets
B 88.1.1.1 [20/0] via 67.1.1.6, 00:01:46
CE-R8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
77.0.0.0/32 is subnetted, 1 subnets
B 77.1.1.1 [20/0] via 18.1.1.1, 00:02:06
讀者會發現此時客戶站點正常的獲得了其餘站點的路由。固然如今數據沒法實現通訊,由於便籤此時並不連續
8.3.5 域間MPLS的LSP連續的解決方案
標籤分發協議有不少種,經常使用的天然是LDP協議,LDP協議能夠爲域內的IGP路由分發標籤;另一種爲IPv4單播路由分發標籤的工具是BGP協議。在本節中咱們使用BGP爲IPv4的單播路由分發標籤,LDP方式咱們將在13.4小節中實施。
咱們來觀察R6-PE上到達×××v4路由88.1.1.1的下一跳,以及R5-RR上到達×××v4路由88.1.1.1的下一跳
PE-R6#show bgp ***v4 unicast all
BGP table version is 3, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
> 77.1.1.1/32 67.1.1.7 0 0 300 i
>i 88.1.1.1/32 55.1.1.1 0 100 0 100 300 I //下一跳爲55.1.1.1,而到達55.1.1.1的路由是經過IGP獲得的,則LDP就已經分發了LSP
RR-R5#show bgp ***v4 unicast all
BGP table version is 3, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i
> 88.1.1.1/32 33.1.1.1 0 100 300 I //RR設備上到達該路由的下一跳爲對端AS的RR的更新源地址,讀者是想,如今到達該下一跳地址33.1.1.1是經過什麼方式獲得的路由呢?沒錯是BGP。而LDP協議是沒法爲BGP路由分發標籤的。一樣的道理,R3上看到的77.1.1.1的路由的下一跳是經過BGP獲得的55.1.1.1
RR-R3#show bgp ***v4 unicast all
BGP table version is 3, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
> 77.1.1.1/32 55.1.1.1 0 200 300 I //下一跳爲55.1.1.1,而該路由經過下面一條驗證得知經過BGP協議獲得路由
>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
RR-R3#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
55.0.0.0/32 is subnetted, 1 subnets
B 55.1.1.1 [200/0] via 22.1.1.1, 05:44:24
LDP不能解決LSP連續問題,同時在ASBR之間也須要一種使得LSP連續的方式。在前邊的學習中咱們知道BGP是一種重要的分發標籤的協議,除了能夠分發×××v4路由的標籤,還能夠爲IPv4單播路由分發標籤。
在ASBR和RR之間經過BGP的方式爲從BGP協議獲得的RR的更新源的IPv4單播路由分發標籤
ASBR-R4(config)#router bgp 200 ASBR-R4(config-router)#address-family ipv4 unicast ASBR-R4(config-router-af)#neighbor 24.1.1.2 send-label //IPv4地址族下協商爲IPv4單播路由分發標籤的能力 ASBR-R4(config-router-af)#neighbor 55.1.1.1 send-label //IPv4地址族下協商爲IPv4單播路由分發標籤的能力 ! R5: RR-R5(config)#router bgp 200 RR-R5(config-router)#address-family ipv4 unicast RR-R5(config-router-af)#neighbor 44.1.1.1 send-label 驗證IPv4單播標籤: RR-R5#show bgp ipv4 un RR-R5#show bgp ipv4 unicast la RR-R5#show bgp ipv4 unicast labels Network Next Hop In label/Out label 33.1.1.1/32 44.1.1.1 nolabel/19 //R5如今有了出方向的標籤19 55.1.1.1/32 0.0.0.0 imp-null/nolabel 在AS100中存在XR設備, IOS XR經過ipv4 labeled-unicast地址族來支持IPv4標籤 router static address-family ipv4 unicast 24.1.1.4/32 GigabitEthernet0/0/0/1 //手工寫到達對端ASBR的直連地址的主機路由的靜態路由,並且必須爲出接口,才能使得ASBR獲得到達對端ASBR的Pop標籤 ! ! router bgp 100 address-family ipv4 unicast allocate-label all //在IPv4單播路由下針對全部路由分發開關,默認不分發任何標籤 ! neighbor 24.1.1.4 address-family ipv4 labeled-unicast //針對EBGP,在IPv4單播標籤地址族下繼承原來的IPv4單播路由的策略 route-policy EBGP in route-policy EBGP out ! ! neighbor 33.1.1.1 address-family ipv4 labeled-unicast //針對RR激活IPv4單播標籤地址族 next-hop-self R3: RR-R3(config)#router bgp 100 RR-R3(config-router)#address-family ipv4 unicast RR-R3(config-router-af)#neighbor 22.1.1.1 send-label //R3在IPv4單播地址族下和ASBR構建IPv4單播標籤地址族鄰居
驗證RR設備標籤是否分發成功
RR-R3#show bgp ipv4 unicast labels
Network Next Hop In label/Out label
33.1.1.1/32 0.0.0.0 imp-null/nolabel
55.1.1.1/32 22.1.1.1 nolabel/16004 //R3獲得了到達×××v4下一跳即55.1.1.1的的出方向標籤,R2分發的16004
RP/0/0/CPU0:ASBR-2#show mpls forwarding
Fri Oct 14 19:02:27.845 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
16000 Pop 11.1.1.1/32 Gi0/0/0/2 12.1.1.1 55282
16001 Pop 13.1.1.0/24 Gi0/0/0/2 12.1.1.1 0
16002 Pop 24.1.1.4/32 Gi0/0/0/1 24.1.1.4 1424 //該Pop(必定是Pop)標籤是到達24.1.1.4的標籤,這就是咱們寫靜態路由的目的
16003 Pop 33.1.1.1/32 Gi0/0/0/0 23.1.1.3 153104
16004 16 55.1.1.1/32 Gi0/0/0/1 24.1.1.4 61789 //ASBR上到達55.1.1.1的標籤爲24.1.1.4分配的標籤16
CE-R7#traceroute 88.1.1.1 source loopback 0 numeric //此時RR設備到達×××v4路由下一跳的LSP連續,那麼數據能夠正常的在CE站點間發送。
Type escape sequence to abort.
Tracing the route to 88.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 67.1.1.6 1 msec 0 msec 0 msec
2 56.1.1.5 [MPLS: Label 20 Exp 0] 25 msec 26 msec 21 msec
3 45.1.1.4 [MPLS: Labels 19/19 Exp 0] 20 msec 22 msec 20 msec
4 24.1.1.2 [MPLS: Labels 16003/19 Exp 0] 23 msec 20 msec 19 msec
5 23.1.1.3 [MPLS: Label 19 Exp 0] 29 msec 22 msec 24 msec
6 13.1.1.1 [MPLS: Label 16003 Exp 0] 23 msec 19 msec 18 msec
7 18.1.1.8 20 msec * 29 msec
8.3.6 優化標籤轉發路徑解決方案
雖然數據能夠正常的通訊,但請讀者仔細觀察,其實在咱們的拓撲中XR1和XR之間,R4和R6之間存在鏈路,並且運行了LDP協議,若是此時數據經過這些鏈路來轉發,那麼轉發效率明顯優於現有的轉發路徑。解決方案是在RR設備上針對MP-EBGP鄰居作下一跳不變命令,即保持到達×××v4路由的下一跳爲PE設備
RR-R3(config)#router bgp 100 RR-R3(config-router)#address-family ***v4 RR-R3(config-router-af)#neighbor 55.1.1.1 next-hop-unchanged //針對EBGP作下一跳不變命令,即依舊保持下一跳爲PE設備的更新源 ! RR-R5(config)#router bgp 200 RR-R5(config-router)#address-family ***v4 unicast RR-R5(config-router-af)#neighbor 33.1.1.1 next-hop-unchanged
驗證×××v4路由的下一跳
RR-R5#show bgp ***v4 unicast all
BGP table version is 10, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i
-
88.1.1.1/32 11.1.1.1 0 100 300 i
RR-R3#show bgp ***v4 unicast all
BGP table version is 12, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not foundNetwork Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 -
77.1.1.1/32 66.1.1.1 0 200 300 i
*>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
讀者會發現下一跳不可達,很簡單,RR上並未獲得該路由。解決方案我想讀者也很容易想到,只要在BGP協議中通告該路由便可ASBR-R4(config)#router bgp 200 ASBR-R4(config-router)#address-family ipv4 unicast ASBR-R4(config-router-af)#network 66.1.1.1 mask 255.255.255.255 ! RP/0/0/CPU0:ASBR-2(config)#router bgp 100 RP/0/0/CPU0:ASBR-2(config-bgp)# RP/0/0/CPU0:ASBR-2(config-bgp)#address-family ipv4 unicast RP/0/0/CPU0:ASBR-2(config-bgp-af)#network 11.1.1.1/32 RP/0/0/CPU0:ASBR-2(config-bgp-af)#commi
在修改完畢下一跳以後,咱們來查看下一跳的改變
RR-R3#show bgp ***v4 unicast all
BGP table version is 13, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not foundNetwork Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
> 77.1.1.1/32 66.1.1.1 0 200 300 I //下一跳由RR改變爲PE的更新源,那麼此時咱們就要關注到達PE更新源的LSP連續問題,固然它仍是連續的,不是嘛!
>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
RR-R5#show bgp ***v4 unicast all
BGP table version is 11, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not foundNetwork Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i> 88.1.1.1/32 11.1.1.1 0 100 300 i讓咱們來驗證最後的優化完畢的轉發路徑CE-R7#traceroute 88.1.1.1 source loopback 0 numeric //該路徑不在通過R3,報文到達R2後直接轉發到R1Type escape sequence to abort.Tracing the route to 88.1.1.1VRF info: (vrf in name/id, vrf out name/id)1 67.1.1.6 6 msec 0 msec 1 msec2 56.1.1.5 [MPLS: Label 20 Exp 0] 25 msec 25 msec 27 msec3 45.1.1.4 [MPLS: Labels 21/16003 Exp 0] 24 msec 29 msec 25 msec4 24.1.1.2 [MPLS: Labels 16000/16003 Exp 0] 24 msec 31 msec 26 msec5 12.1.1.1 [MPLS: Label 16003 Exp 0] 23 msec 25 msec 30 msec6 18.1.1.8 26 msec * 26 msec到此Option3實施完畢。
- 1. 思科設備實現城域網架構ISIS+BGP+MPLS-×××多域互通實驗
- 2. 跨運營商的MPLS ×××解決方案1
- 3. 跨運營商的MPLS ×××解決方案3
- 4. 跨運營商的MPLS ×××解決方案2
- 5. 跨運營商MPLS ×××----ATOM解決方案1
- 6. Inter-Provider MPLS Solutions(運營商之間的MPLS解決方案)
- 7. 思科跨域的組播解決方案
- 8. 僞裝網絡工程師27——MPLS跨AS通訊optionC方案1
- 9. 僞裝網絡工程師28——MPLS跨AS通訊optionC方案2
- 10. 跨域解決方案及實現
- 更多相關文章...
- • Hibernate的運行流程 - Hibernate教程
- • 現實生活中的 XML - XML 教程
- • PHP Ajax 跨域問題最佳解決方案
- • 常用的分佈式事務解決方案
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. No provider available from registry 127.0.0.1:2181 for service com.ddbuy.ser 解決方法
- 2. Qt5.7以上調用虛擬鍵盤(支持中文),以及源碼修改(可拖動,水平縮放)
- 3. 軟件測試面試- 購物車功能測試用例設計
- 4. ElasticSearch(概念篇):你知道的, 爲了搜索…
- 5. redux理解
- 6. gitee創建第一個項目
- 7. 支持向量機之硬間隔(一步步推導,通俗易懂)
- 8. Mysql 異步複製延遲的原因及解決方案
- 9. 如何在運行SEPM配置嚮導時將不可認的複雜數據庫密碼改爲簡單密碼
- 10. windows系統下tftp服務器使用